ssh alternatives

Greg Golin greg.golin at gmail.com
Wed Sep 21 04:30:10 UTC 2005


Thanks, Thing. 

I use AllowUsers -- that's a great directive.

I wonder if it's possible to run sshd on two different ports on
separate interfaces..

GG

On 9/20/05, Steven Jones <Steven.Jones at vuw.ac.nz> wrote:
> We run ssh on a non-standard port and have no issues with scripts....
> 
> Anyway options we use,
> 
> 1) Non-standard ssh port
> 
> 2) IPtables ruleset to limit ssh connections from known subnets or IPs.
> 
> 3) Add config to sshd_config to only allow ssh connection from certain
> users,
> 
> Eg.,
> 
> AllowUsers me you
> 
> Tcpwrappers is also an option.
> 
> We also run iptables to block on other ports eg 80, to our class B
> 
> Regards
> 
> Thing
> 
> 
> -----Original Message-----
> From: Greg Golin [mailto:greg.golin at gmail.com]
> Sent: Wednesday, 21 September 2005 3:46 p.m.
> To: redhat-list at redhat.com
> Subject: ssh alternatives
> 
> Following a discussion on slashdot I would like to ask this list's
> opinion on providing remote access in general and ssh vs other
> solutions in particular.
> 
> So here's the deal. I know most of sshd brute force attempts shall be
> thwarted by running the daemon on a different port. However, many
> existing scripts -- too many to change all of them -- rely on default
> ssh configuration. At the same time, my devs require constant remote
> access to the servers.
> 
> I am currently considering disabling ssh on external interfaces and
> installing openswan.
> 
> What is your opinion on this issue?
> 
> Thanks.
> G
> 
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
> 
>
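
An sshd_config fragment for the two-ports-on-separate-interfaces question and the AllowUsers option raised in this thread, added here as an example and not taken from either poster's configuration. The IP addresses, the port 2222 and the host patterns are constructed placeholders; the account names are the ones from the quoted AllowUsers line.

```conf
# /etc/ssh/sshd_config (fragment)
# All addresses and the alternate port are constructed placeholders.

# Internal interface: stay on the default port so existing scripts
# that assume port 22 keep working.
ListenAddress 10.0.0.5:22

# External interface: listen only on a non-standard port.
# A ListenAddress that carries its own port is bound to that port only,
# so port 22 is never opened on this address.
ListenAddress 192.0.2.10:2222

# Restrict logins to named accounts. The user@host form also limits
# the source hosts each account may connect from.
AllowUsers me@10.0.0.* you@10.0.0.* me@198.51.100.*
```

Running `sshd -t` checks the edited file for errors before the daemon is restarted.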



